Slashdot Mirror

← Back to Stories (view on slashdot.org)

How The FBI Might've Opened the San Bernardino Shooter's iPhone 5c (schneier.com)

Posted by EditorDavid on from the how-to-brute-force-a-passcode dept.

"Remember the San Bernardino killer's iPhone, and how the FBI maintained that they couldn't get the encryption key without Apple providing them with a universal backdoor?" Slashdot reader LichtSpektren quotes Bruce Schneier: Many of us computer-security experts said that they were wrong, and there were several possible techniques they could use. One of them was manually removing the flash chip from the phone, extracting the memory, and then running a brute-force attack without worrying about the phone deleting the key. The FBI said it was impossible. We all said they were wrong. Now, Sergei Skorobogatov has proved them wrong.
Sergei's new paper describes "a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9." The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts... Although the process can be improved, it is still a successful proof-of-concept project.

7 of 66 comments (clear)

  1. FBI was foolin' by turkeydance · · Score: 2, Interesting

    they knowed how

  2. Is anyone really surprised? by Jester998 · · Score: 3, Insightful

    Is anyone REALLY surprised that the FBI was wrong? Government doesn't attract top-tier talent. Never has, never will. When your hiring practices, policies, procedures, compensation and benefits are all at the bottom of the barrel, well... that's what you get. The bottom of the barrel.

    1. Re:Is anyone really surprised? by ShanghaiBill · · Score: 2, Interesting

      Yup, that's why we all remember the 1968 private Moon landing so well, right?

      The moon race was a lavishly funded and otherwise pointless political exercise to show the world that we had bigger dicks than the Soviets. To use it as an example of government efficiency and effectiveness is silly.

      Speaking of Soviet dick size: During WW2, the Soviet Red Army deployed a 2 inch trench mortar, but had difficulty keeping rain out of the barrel. Without explaining the purpose, they asked the Americans to supply thousands of condoms 12 inches long and 2 inches in diameter, which would fit perfectly over the muzzle. So the Americans manufactured the condoms ... and shipped them in boxes marked "medium".

    2. Re:Is anyone really surprised? by jasnw · · Score: 3, Interesting

      There are at least two interpretations for this apparent failure: (1) the Feds are dumb as a box of rocks as you say, or (2) they knew perfectly well how to do this but wanted the courts to establish precedence for ordering manufacturers like Apple to provide access to customers' encrypted storage. Or it could be a little of both. I've worked with the Federal government for over 40 years, and either of these is well within the realm of possibility. I will say, however, that the recent tenor from the FBI and its director about encryption make me believe more in #2 than #1.

    3. Re:Is anyone really surprised? by KozmoStevnNaut · · Score: 4, Insightful

      Calling the moon landing and the space program in general a "pointless political exercise" is pretty ridiculous, when you consider the massive amount of spinoff technologies that we take for granted every single day of our lives.

      --
      Eat the rich.
  3. this isn't an external brute force attack by YesIAmAScript · · Score: 4, Informative

    This attack is still done on device. It just clones the NAND back to "0 strikes" after each 6 attempts.

    This attack doesn't extract the memory and doesn't decode externally. It just copies NANDs.

    Why is this significant? Because it means you can't do extraction in parallel, you still have to go through all the codes sequentially on the device.

    It defeats the significant portions of the backoff. It defeats the erase after n failures. It's a very significant attack.

    But no one said this type of attack was impossible. I personally read about variants on this attack while the controversy was going on. I even posited it myself. I believe Apple even addressed it claiming that this attack wasn't possible on later iPhones due to a change in how the failure count is stored.

    --
    http://lkml.org/lkml/2005/8/20/95
  4. Re:This is not new information by postbigbang · · Score: 2

    In a perfect world, what you say is true, but the parent poster has a good point.

    1. Because there's no such thing as a truly random number, one characterizes the number generator and then determine its bias. (See NSA-NIST->RSA foibles)

    2. The decrypting machinery has to be perfect, and not cache the results in some mind-numbing way (see several CVEs)

    3. In the actual case, the capability of resetting the NAND or using proximal bit-flipping techniques to force recounts to null are well-known. Just crowbar the location by stunning it with nearby high/low bits as appropriate, and buh bye state.

    Yes, admittedly, crappy engineering. But zenith/stellar/foolproof engineering doesn't really exist, it's a lofty goal. With a big enough hammer, you can break anything.

    --
    ---- Teach Peace. It's Cheaper Than War.